are proposing similar laws to permit monitoring
of Internet communications.

Governments and
telecom companies are working closely

on how to lawfully monitor
Internet communications.
Photo by Ernest Nikl/iStockphoto.

When Americans are displeased with their
politicians, they like to threaten to move to Canada.

But if you’re tempted to move north - or even
further afield - to get away from plans for increased Internet surveillance
by the government, think again. Controversial new surveillance laws proposed
in the
United States,
Canada, the
United Kingdom, and
Australia have quite a
bit in common. And it’s no coincidence.

Over the past few months, authorities in these countries have separately
been arguing the case for expanded power to monitor Internet communications.
Changes could include making it mandatory for social networks and online
chat providers to build in back doors for law enforcement eavesdropping and
instituting so-called “deep packet inspection” technology to enable
monitoring and interception of data.

The plans have prompted an outpouring of
negative reaction, much of it
centered
on concerns about government invading Internet users’ privacy.

But what has gone largely unremarked upon is the
role played by little-known networks of telecom companies and international
government agencies, which have been quietly collaborating to reform
surveillance laws so that they are “harmonized” to a similar standard from
country to country.

In cities across the world, groups composed of telecom companies and
government representatives have met to discuss how to integrate surveillance
capabilities into existing and developing technologies.

The decisions they have made, largely beyond
public scrutiny, could lead to a fundamental shift in the Web’s basic
architecture.

Below, alongside links to documents offering insight into ongoing
discussions between industry and government on surveillance issues, you can
find details about some of the key organizations, countries, and companies
involved.

The Alliance for
Telecommunications Industry Solutions

ATIS is an organization that brings
together the communications industry and law enforcement.

Focused mainly on North America but
collaborating internationally, ATIS’s list of more than
180 members includes
the FBI’s specialist Electronic Surveillance Technology Section
alongside many familiar companies:

Microsoft

AT&T

Sprint Nextel

T-Mobile

Time Warner Cable

Verizon,

...among others.

ATIS runs a series of subcommittees and task forces, some of which
focus
specifically on integrating surveillance capabilities into the latest
communications technologies.

One recent
ATIS presentation, given by a
representative from CenturyLink in late 2011, detailed how the organization
was working on updating standards for intercepting communications sent over
voice over IP chat services (like
Skype) and
IMS networks.

IMS is considered
a “next generation” telecom network that combines mobile and fixed networks
into one.

Law enforcement agencies see IMS as a challenge
in part because it can enable difficult-to-intercept mobile VOIP calls.

The European
Telecommunications Standards Institute

Like ATIS, the European Telecommunications Standards Institute (ETSI) has been
working with government and law enforcement agencies to integrate
surveillance capabilities into communications infrastructure.

ETSI holds meetings on lawful interception three times a year, attended by
up to 80 participants from countries such as the United Kingdom, the United
States, Canada, and Australia. It has more than
700 members across five
continents.

Some are government departments tasked with
upgrading surveillance laws in their respective countries:

Canada’s public safety department

Australia’s attorney general’s
department

the National Technical Assistance
Centre, a subunit of the U.K. spy agency GCHQ

Several of the world’s largest telecom firms,
including,

Vodafone

RIM

Nokia Siemens

British Telecom in previous years,

...participate in ETSI’s lawful-interception
meetings.

ETSI’s January 2012
white paper on “security for ICT” (information and communication technologies) detailed that it is
working toward,

“the standardization of lawful
interception,” and has the “active participation of the major telecom
manufacturers, network operators, and regulatory authorities of Europe
and from around the world.”

Ultan Mulligan, an ETSI spokesman, said
the organization focuses on finding “agreed technical solutions” to lawful
interception across borders because it’s not economical for
telecommunications companies to have a different mechanism in each country.

He added that consumer groups and universities
focused on telecommunications and ICT industry can attend and contribute to
ETSI’s lawful interception meetings if they are
paid-up members.

An ETSI
presentation dated 2011 shows the organization is working to help
enable cross-border interception of data held by cloud storage services.

The 3rd Generation
Partnership Project

The 3rd Generation Partnership Project unites six telecommunications
standards bodies, including ETSI and ATIS, which meet regularly and host a
series of quarterly plenary meetings.

Jargon and acronym-laced minutes from 3GPP
meetings published online occasionally offer a fascinating glimpse into the
scale of international collaboration on upgrading surveillance capabilities.

During meetings in
Estonia and
Italy in 2010 and 2011, for instance, it was
revealed that law enforcement representatives from the United Kingdom,
Canada, and the Netherlands expressed reservations about adopting so-called
“man-in-the-middle” attacks - a kind of hacking - to intercept
communications as they are being sent over IMS networks.

The United Kingdom in particular was said to be
concerned that performing an “active attack” to spy on people “may be
illegal” under British law. The U.K. was reportedly working on a separate
method of intercepting IMS communications so it would not have to resort to
man-in-the-middle attacks.

In recent weeks 3GPP meetings have
focused on the “challenges for
interception” posed by cloud storage of data. The group is trying to find a
solution that will enable law enforcement agencies to monitor, and have
access to, cloud data as part of their investigations.

The Telecommunications
Industry Association

The TIA is a trade group based in Washington, D.C., which works to address
policy issues and set standards for the telecommunications industry.

Formed in 1988, the group operates a series of
committees and subcommittees, attended by companies including,

Sprint
Nextel

Nokia Siemens Networks

Verizon Wireless,

...which deal with
issues covering electronic surveillance.

The TIA is currently helping
develop standards for interception of VOIP and data retention alongside ETSI
and ATIS.

Interestingly, it has also been
pressuring
authorities in India to adopt global standards for surveillance, calling on
the country’s government to create a,

“global cooperation and collaboration on
lawful access and interception.”

This was a collective commitment made by all
participating organizations - among them ETSI, the TIA, and ATIS - to work
toward “common, harmonized, shared systems of law” relating to
communications interception.

Canada has also signed - but not ratified - the
treaty, and Australia
intends to sign. The convention codifies a commitment
to establish a system of mutual assistance for issues related to computer
crime. This includes measures related to enabling real-time surveillance of
communications content.

A Canadian
parliament report in 2006 noted that the convention’s call for
“harmonization of lawful access legislation” was a factor in its own push
for new surveillance powers.

“legislation existing in other countries,
primarily the United States, the United Kingdom and Australia.”

Designed to ensure that law enforcement agencies
could legally intercept any communication regardless of the technology used
to send it, C-74 never became law due in part to opposition from the public
and civil liberties groups.

But
Bill C-30, currently being pursued by
Canada’s government, is essentially a second generation version of C-74 and
would implement many of the same powers.

Unlike in previous decades, though, the proposed expansion of surveillance
today is inward-looking: domestic, not foreign.

It is linked not to
combating state-level threats but to unprecedented technological advances.
With more people communicating online than ever before,
authorities say they
are losing the ability to track and monitor suspects and that secrecy is
necessary to conceal their techniques from criminals.

Given this, it makes some sense that governments and technology firms are
working together to find solutions. The problem is that the relationship is
tainted by a lack of openness.

I’m not suggesting here that we’re in the depths of some sort of grand
conspiracy, and nor am I arguing that the FBI should reveal intricate
details about its surveillance methods or divulge the inner workings of its
most complicated interception technologies - things that might actually be a
benefit to serious criminals.

What I’m saying is that without greater levels
of public scrutiny or input, officials will sow mistrust - and end up
defeating themselves.